https://bugzilla.mindrot.org/show_bug.cgi?id=3331
Bug ID: 3331
Summary: Issues with man pages
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: unassigned-bugs@mindrot.org
Reporter: debian@helgefjell.de
Dear OpenSSH maintainer,
the manpage-l10n project maintains a large number of translations of
man pages both from a large variety of sources (including OpenSSH) as
well for a large variety of target languages.
During their work translators notice different possible issues in the
original (english) man pages. Sometimes this is a straightforward
typo, sometimes a hard to read sentence, sometimes this is a
convention not held up and sometimes we simply do not understand the
original.
We use several distributions as sources and update regularly (at
least every 2 month). This means we are fairly recent (some
distributions like archlinux also update frequently) but might miss
the latest upstream version once in a while, so the error might be
already fixed. We apologize and ask you to close the issue immediately
if this should be the case, but given the huge volume of projects and
the very limited number of volunteers we are not able to double check
each and every issue.
Secondly we translators see the manpages in the neutral po format,
i.e. converted and harmonized, but not the original source (be it man,
groff, xml or other). So we cannot provide a true patch (where
possible), but only an approximation which you need to convert into
your source format.
Finally the issues I'm reporting have accumulated over time and are
not always discovered by me, so sometimes my description of the
problem my be a bit limited - do not hesitate to ask so we can clarify
them.
I'm now reporting the errors for your project. If future reports
should use another channel, please let me know.
Man page: sftp.1
Issue: Broken wrapping, everything before "Display" belongs to the
command
"E<.Op Fl hi> E<.Op Ar path> E<.Xc> Display usage information for the "
"filesystem holding the current directory (or E<.Ar path> if
specified). If "
"the E<.Fl h> flag is specified, the capacity information will be
displayed "
"using \"human-readable\" suffixes. The E<.Fl i> flag requests display
of "
"inode information in addition to capacity information. This command
is only "
"supported on servers that implement the E<.Dq statvfs@openssh.com>
extension."
Issue: Broken wrapping, everything before "Create" belongs to the
command
"E<.Op Fl s> E<.Ar oldpath> E<.Ar newpath> E<.Xc> Create a link from
E<.Ar "
"oldpath> to E<.Ar newpath>. If the E<.Fl s> flag is specified the
created "
"link is a symbolic link, otherwise it is a hard link."
Issue: Broken wrapping, everything before "Display" belongs to the
command
"E<.Op Fl 1afhlnrSt> E<.Op Ar path> E<.Xc> Display a remote directory
listing "
"of either E<.Ar path> or the current directory if E<.Ar path> is not "
"specified. E<.Ar path> may contain E<.Xr glob 7> characters and may
match "
"multiple files."
--
Man page: sftp-server.8
Issue: Inconsistent beginning of flag description in this man page:
here lower case 3rd form
"specifies an alternate starting directory for users. The pathname may
"
"contain the following tokens that are expanded at runtime: %% is
replaced by "
"a literal '%', %d is replaced by the home directory of the user being
"
"authenticated, and %u is replaced by the username of that user. The
default "
"is to use the user's home directory. This option is useful in
conjunction "
"with the E<.Xr sshd_config 5> E<.Cm ChrootDirectory> option."
msgstr ""
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Causes E<.Nm> to print logging information to stderr instead of syslog
for "
"debugging."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Specifies the facility code that is used when logging messages from
E<.Nm>. "
"The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, "
"LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Specifies which messages will be logged by E<.Nm>. The possible
values are: "
"QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO "
"and VERBOSE log transactions that E<.Nm> performs on behalf of the
client. "
"DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
higher "
"levels of debugging output. The default is ERROR."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 2rd form
"Specify a comma-separated list of SFTP protocol requests that are
banned by "
"the server. E<.Nm> will reply to any denied request with a failure.
The E<."
"Fl Q> flag can be used to determine the supported request types. If
both "
"denied and allowed lists are specified, then the denied list is
applied "
"before the allowed list."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 2rd form
"Specify a comma-separated list of SFTP protocol requests that are
permitted "
"by the server. All request types that are not on the allowed list
will be "
"logged and replied to with a failure message."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 2rd form
"Query protocol features supported by E<.Nm>. At present the only
feature "
"that may be queried is E<.Dq requests>, which may be used to deny or
allow "
"specific requests (flags E<.Fl P> and E<.Fl p> respectively)."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Places this instance of E<.Nm> into a read-only mode. Attempts to
open "
"files for writing, as well as other operations that change the state
of the "
"filesystem, will be denied."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Sets an explicit E<.Xr umask 2> to be applied to newly-created files
and "
"directories, instead of the user's default mask."
Issue 1: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
Issue 2: -m ? E<.Fl m>
Issue 3: -u ? E<.Fl u>:
"Sets explicit file permissions to be applied to newly-created files
instead "
"of the default or client requested mode. Numeric values include: 777,
755, "
"750, 666, 644, 640, etc. Using both -m and -u switches makes the
umask (-u) "
"effective only for newly created directories and explicit mode (-m)
for "
"newly created files."
--
Man page: ssh.1.po
Issue: First line belongs to option (missing line break ?)
"E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port> E<.Sm on> E<.Xc> "
"Specifies a local E<.Dq dynamic> application-level port forwarding.
This "
"works by allocating a socket to listen to E<.Ar port> on the local
side, "
"optionally bound to the specified E<.Ar bind_address>. Whenever a "
"connection is made to this port, the connection is forwarded over the
secure "
"channel, and the application protocol is then used to determine where
to "
"connect to from the remote machine. Currently the SOCKS4 and SOCKS5 "
"protocols are supported, and E<.Nm> will act as a SOCKS server. Only
root "
"can forward privileged ports. Dynamic port forwardings can also be "
"specified in the configuration file."
Issue: First sentence strange. Why "supported specified version" but
then limited to version 2?
"Queries E<.Nm> for the algorithms supported for the specified version
2. "
"The available features are: E<.Ar cipher> (supported symmetric
ciphers), E<."
"Ar cipher-auth> (supported symmetric ciphers that support
authenticated "
"encryption), E<.Ar help> (supported query terms for use with the E<.Fl
Q> "
"flag), E<.Ar mac> (supported message integrity codes), E<.Ar kex> (key
"
"exchange algorithms), E<.Ar key> (key types), E<.Ar key-cert>
(certificate "
"key types), E<.Ar key-plain> (non-certificate key types), E<.Ar
key-sig> "
"(all key types and signature algorithms), E<.Ar protocol-version>
(supported "
"SSH protocol versions), and E<.Ar sig> (supported signature
algorithms). "
"Alternatively, any keyword from E<.Xr ssh_config 5> or E<.Xr
sshd_config 5> "
"that takes an algorithm list may be used as an alias for the
corresponding "
"query_option."
Issue: or see ? see
"If the E<.Cm ForwardAgent> variable is set to E<.Dq yes> (or see the "
"description of the E<.Fl A> and E<.Fl a> options above) and the user
is "
"using an authentication agent, the connection to the agent is
automatically "
"forwarded to the remote side."
Issue: IPv6 address can be used everywhere where IPv4 address ? IPv6
addresses can be used everywhere where IPv4 addresses can be used.
"IPv6 address can be used everywhere where IPv4 address. In all entries
must "
"be the IPv6 address enclosed in square brackets. Note: The square
brackets "
"are metacharacters for the shell and must be escaped in shell."
--
Man page: ssh-agent.1
Issue: ssh(1) does not have a section caveats
"Connections to E<.Nm> may be forwarded from further remote hosts using
the "
"E<.Fl A> option to E<.Xr ssh 1> (but see the caveats documented
therein), "
"avoiding the need for authentication data to be stored on other
machines. "
"Authentication passphrases and private keys never go over the network:
the "
"connection to the agent is forwarded over SSH remote connections and
the "
"result is returned to the requester, allowing the user access to their
"
"identities anywhere in the network in a secure fashion."
Issue: ssh-agent. ? E<.Nm>.
"In Debian, E<.Nm> is installed with the set-group-id bit set, to
prevent E<."
"Xr ptrace 2> attacks retrieving private key material. This has the
side-"
"effect of causing the run-time linker to remove certain environment "
"variables which might have security implications for set-id programs,
"
"including E<.Ev LD_PRELOAD>, E<.Ev LD_LIBRARY_PATH>, and E<.Ev
TMPDIR>. If "
"you need to set any of these environment variables, you will need to
do so "
"in the program executed by ssh-agent."
--
Man page: ssh-argv0.1
Issue: The other ssh manpages use the macro .An to denote author names,
this is missing here
"OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu "
"Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de "
"Raadt and Dug Song removed many bugs, re-added newer features and
created "
"OpenSSH. Markus Friedl contributed the support for SSH protocol
versions "
"1.5 and 2.0. Natalie Amery wrote this ssh-argv0 script and the
associated "
"documentation."
--
Man page: ssh_config.5
Issue: Why is the default separated by commas, not spaces?
"Specifies one or more files to use for the global host key database, "
"separated by whitespace. The default is E<.Pa
/etc/ssh/ssh_known_hosts>, E<."
"Pa /etc/ssh/ssh_known_hosts2>."
Issue: known hosts files ? known_hosts files?
"Indicates that E<.Xr ssh 1> should hash host names and addresses when
they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be
used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually
reveal "
"identifying information if the file's contents are disclosed. The
default "
"is E<.Cm no>. Note that existing names and addresses in known hosts
files "
"will not be converted automatically, but may be manually hashed using
E<.Xr "
"ssh-keygen 1>."
Issue: 2nd sentence strange: The remote port forward … forward
specific host … on local machine?
"Specifies that a TCP port on the remote machine be forwarded over the
secure "
"channel. The remote port may either be forwarded to a specified host
and "
"port from the local machine, or may act as a SOCKS 4/5 proxy that
allows a "
"remote client to connect to arbitrary destinations from the local
machine. "
"The first argument is the listening specification and may be E<.Sm
off> E<."
"Oo Ar bind_address : Oc Ar port> E<.Sm on> or, if the remote host
supports "
"it, a Unix domain socket path. If forwarding to a specific
destination then "
"remote forwarding will be established as a SOCKS proxy. When acting
as a "
"SOCKS proxy the destination of the connection can be restricted by
E<.Cm "
"PermitRemoteOpen>."
Issue: user known hosts files ? users known_hosts files
"If this flag is set to E<.Dq accept-new> then ssh will automatically
add new "
"host keys to the user known hosts files, but will not permit
connections to "
"hosts with changed host keys. If this flag is set to E<.Dq no> or
E<.Dq "
"off>, ssh will automatically add new host keys to the user known hosts
files "
"and allow connections to hosts with changed hostkeys to proceed,
subject to "
"some restrictions. If this flag is set to E<.Cm ask> (the default),
new "
"host keys will be added to the user known host files only after the
user has "
"confirmed that is what they really want to do, and ssh will refuse to
"
"connect to hosts whose host key has changed. The host keys of known
hosts "
"will be verified automatically in all cases."
Issue: Missing full stop
"The type of the server host key, e.g. E<.Cm ssh-ed25519>"
Issue: known hosts files ? E<.Pa known_hosts> files?
"Indicates that E<.Xr ssh 1> should hash host names and addresses when
they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be
used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually
reveal "
"identifying information if the file's contents are disclosed. The
default "
"is E<.Cm no>. Note that existing names and addresses in known hosts
files "
"will not be converted automatically, but may be manually hashed using
E<.Xr "
"ssh-keygen 1>. Use of this option may break facilities such as tab-"
"completion that rely on being able to read unhashed host names from
E<.Pa ~/."
"ssh/known_hosts>."
Issue 1: There is supported ? There is support for
Issue 2: Unnecessary space before closing parenthesis
"The authentication identity can be also specified in a form of PKCS#11
URI "
"starting with a string E<.Cm pkcs11:>. There is supported a subset of
the "
"PKCS#11 URI as defined in RFC 7512 (implemented path arguments E<.Cm
id>, E<."
"Cm manufacturer>, E<.Cm object>, E<.Cm token> and query arguments
E<.Cm "
"module-path> and E<.Cm pin-value> ). The URI can not be in quotes."
--
Man page: ssh-copy-id.1
Issue: and using ssh ? and using E<.Xr ssh 1>
"E<.Nm> is a script that uses E<.Xr ssh 1> to log into a remote machine
"
"(presumably using a login password, so password authentication should
be "
"enabled, unless you've done some clever use of multiple identities).
It "
"assembles a list of one or more fingerprints (as described below) and
tries "
"to log in with each key, to see if any of them are already installed
(of "
"course, if you are not using E<.Xr ssh-agent 1> this may result in you
being "
"repeatedly prompted for pass-phrases). It then assembles a list of
those "
"that failed to log in, and using ssh, enables logins with those keys
on the "
"remote server. By default it adds the keys by appending them to the
remote "
"user's E<.Pa ~/.ssh/authorized_keys> (creating the file, and
directory, if "
"necessary). It is also capable of detecting if the remote system is a
"
"NetScreen, and using its E<.Ql set ssh pka-dsa key ...> command
instead."
Issue: by ssh-ing ? by E<.Xr ssh 1>-ing
"If you have already installed keys from one system on a lot of remote
hosts, "
"and you then create a new key, on a new client machine, say, it can be
"
"difficult to keep track of which systems on which you've installed the
new "
"key. One way of dealing with this is to load both the new key and old
"
"key(s) into your E<.Xr ssh-agent 1>. Load the new key first, without
the E<."
"Fl c> option, then load one or more old keys into the agent, possibly
by ssh-"
"ing to the client machine that has that old key, using the E<.Fl A>
option "
"to allow agent forwarding:"
Issue: -i ? E<.Fl i>
"The reason you might want to specify the -i option in this case is to
ensure "
"that the comment on the installed key is the one from the E<.Pa .pub>
file, "
"rather than just the filename that was loaded into your agent. It
also "
"ensures that only the id you intended is installed, rather than all
the keys "
"that you have in your E<.Xr ssh-agent 1>. Of course, you can specify
"
"another id, or use the contents of the E<.Xr ssh-agent 1> as you
prefer."
--
Man page: sshd.8
Issue 1: rlogin and rsh ? E<.Xr rlogin 1> and E<.Xr rsh 1>
Issue 2: Mention "rshd" as well?
Issue 3: Together these programms replace ? This programm replaces
"E<.Nm> (OpenSSH Daemon) is the daemon program for E<.Xr ssh 1>.
Together "
"these programs replace rlogin and rsh, and provide secure encrypted "
"communications between two untrusted hosts over an insecure network."
Issue: /etc/rc is outdated (at least on Linux)
"E<.Nm> listens for connections from clients. It is normally started
at boot "
"from E<.Pa /etc/rc>. It forks a new daemon for each incoming
connection. "
"The forked daemons handle key exchange, encryption, authentication,
command "
"execution, and data exchange."
Issue: E<.Dq addr,> ? E<.Dq addr>,
"Specify the connection parameters to use for the E<.Fl T> extended
test "
"mode. If provided, any E<.Cm Match> directives in the configuration
file "
"that would apply are applied before the configuration is written to
standard "
"output. The connection parameters are supplied as keyword=value pairs
and "
"may be supplied in any order, either with multiple E<.Fl C> options or
as a "
"comma-separated list. The keywords are E<.Dq addr,> E<.Dq user>,
E<.Dq "
"host>, E<.Dq laddr>, E<.Dq lport>, and E<.Dq rdomain> and correspond
to "
"source address, user, resolved source host name, local address, local
port "
"number and routing domain respectively."
Issue: fork ? E<.Xr fork 2>
"Debug mode. The server sends verbose debug output to standard error,
and "
"does not put itself in the background. The server also will not fork
and "
"will only process one connection. This option is only intended for "
"debugging for the server. Multiple E<.Fl d> options increase the
debugging "
"level. Maximum is 3."
Issue: Last sentence is unclear: One file per algorithm?
"Specifies a file from which a host key is read. This option must be
given "
"if E<.Nm> is not run as root (as the normal host key files are
normally not "
"readable by anyone but root). The default is E<.Pa /etc/ssh/"
"ssh_host_ecdsa_key>, E<.Pa /etc/ssh/ssh_host_ed25519_key> and E<.Pa
/etc/ssh/"
"ssh_host_rsa_key>. It is possible to have multiple host key files for
the "
"different host key algorithms."
Issue 1: E<.Cm DenyGroups> \\&. ? E<.Cm DenyGroups>\\&.
Issue 2: eg ? e.g.
Issue 3: ( E<.Ql ? (E<.Ql
Issue 4: \\&*NP\\&*> ) ? \\&*NP\\&*>)
"Regardless of the authentication type, the account is checked to
ensure that "
"it is accessible. An account is not accessible if it is locked,
listed in "
"E<.Cm DenyUsers> or its group is listed in E<.Cm DenyGroups> \\&. The
"
"definition of a locked account is system dependent. Some platforms
have "
"their own account database (eg AIX) and some modify the passwd field (
E<.Ql "
"\\&*LK\\&*> on Solaris and UnixWare, E<.Ql \\&*> on HP-UX, containing
E<.Ql "
"Nologin> on Tru64, a leading E<.Ql \\&*LOCKED\\&*> on FreeBSD and a
leading "
"E<.Ql \\&!> on most Linuxes). If there is a requirement to disable
password "
"authentication for the account while allowing still public-key, then
the "
"passwd field should be set to something other than these values (eg
E<.Ql "
"NP> or E<.Ql \\&*NP\\&*> )."
Issue: xauth. ? B<xauth>(1).
"If E<.Pa ~/.ssh/rc> exists and the E<.Xr sshd_config 5> E<.Cm
PermitUserRC> "
"option is set, runs it; else if E<.Pa /etc/ssh/sshrc> exists, runs it;
"
"otherwise runs xauth. The E<.Dq rc> files are given the X11
authentication "
"protocol and cookie in standard input. See E<.Sx SSHRC>, below."
Issue: IPv6 address can be used everywhere where IPv4 address ? IPv6
addresses can be used everywhere where IPv4 addresses can be used.
"IPv6 address can be used everywhere where IPv4 address. In all entries
must "
"be the IPv6 address enclosed in square brackets. Note: The square
brackets "
"are metacharacters for the shell and must be escaped in shell."
--
Man page: sshd_config.5
Issue: Something missing or wrong fullstop after E<.Cm pam>?
"For keyboard interactive authentication it is also possible to
restrict "
"authentication to a specific device by appending a colon followed by
the "
"device identifier E<.Cm bsdauth> or E<.Cm pam>. depending on the
server "
"configuration. For example, E<.Qq keyboard-interactive:bsdauth> would
"
"restrict keyboard interactive authentication to the E<.Cm bsdauth>
device."
Issue: Missing full stop after closing bracket
"Specifies whether challenge-response authentication is allowed (e.g.
via PAM "
"or through authentication styles supported in E<.Xr login.conf 5>)
The "
"default is E<.Cm yes>."
Issue: safety ? security
"For safety, it is very important that the directory hierarchy be
prevented "
"from modification by other processes on the system (especially those
outside "
"the jail). Misconfiguration can lead to unsafe environments which
E<.Xr "
"sshd 8> cannot detect."
Issue: on the current hostname ? on the current host
"Determines whether to be strict about the identity of the GSSAPI
acceptor a "
"client authenticates against. If set to E<.Cm yes> then the client
must "
"authenticate against the host service on the current hostname. If set
to E<."
"Cm no> then the client may authenticate against any service key stored
in "
"the machine's default store. This facility is provided to assist with
"
"operation on multi homed machines. The default is E<.Cm yes>."
Issue: What is "to explicit localhost addresses"? Is there a verb
missing?
"Multiple permissions may be specified by separating them with
whitespace. "
"An argument of E<.Cm any> can be used to remove all restrictions and
permit "
"any listen requests. An argument of E<.Cm none> can be used to
prohibit all "
"listen requests. The host name may contain wildcards as described in
the "
"PATTERNS section in E<.Xr ssh_config 5>. The wildcard E<.Sq *> can
also be "
"used in place of a port number to allow all ports. By default all
port "
"forwarding listen requests are permitted. Note that the E<.Cm
GatewayPorts> "
"option may further restrict which addresses may be listened on. Note
also "
"that E<.Xr ssh 1> will request a listen host of E<.Dq localhost> if no
"
"listen host was specifically requested, and this name is treated
differently "
"to explicit localhost addresses of E<.Dq 127.0.0.1> and E<.Dq ::1>."
Issue: Valid options ? Valid settings
"Specifies whether E<.Pa ~/.ssh/environment> and E<.Cm environment=>
options "
"in E<.Pa ~/.ssh/authorized_keys> are processed by E<.Xr sshd 8>.
Valid "
"options are E<.Cm yes>, E<.Cm no> or a pattern-list specifying which "
"environment variable names to accept (for example E<.Qq LANG,LC_*>).
The "
"default is E<.Cm no>. Enabling environment processing may enable
users to "
"bypass access restrictions in some configurations using mechanisms
such as "
"E<.Ev LD_PRELOAD>."
Issue: as well and ? as well as
"Specifies an explicit routing domain that is applied after
authentication "
"has completed. The user session, as well and any forwarded or
listening IP "
"sockets, will be bound to this E<.Xr rdomain 4>. If the routing
domain is "
"set to E<.Cm \\&%D>, then the domain in which the incoming connection
was "
"received will be applied."
Issue: Superfluous space after first opening bracket
"E<.Xr sshd 8> reads configuration data from E<.Pa
/etc/ssh/sshd_config> ( E<."
"Pa /usr/etc/ssh/sshd_config> if the file does not exist or the file "
"specified with E<.Fl f> on the command line). The file contains
keyword-"
"argument pairs, one per line. For each keyword, the first obtained
value "
"will be used. Lines starting with E<.Ql #> and empty lines are
interpreted "
"as comments. Arguments may optionally be enclosed in double quotes
E<.Pq \\&"
"\"> in order to represent arguments containing spaces."
Issue: Superfluous space before comma in first line
"When set to E<.Dq yes> , the checks whether the account has been
locked with "
"E<.Pa passwd -l> are performed even when PAM authentication is enabled
via "
"E<.Cm UsePAM>. This is to ensure that it is not possible to log in
with e."
"g. a public key (in such a case PAM is used only to set up the session
and "
"some PAM modules will not check whether the account is locked in this
"
"scenario). The default is E<.Dq no>."
--
Man page: ssh-keygen.1.po
Issue: 2011). ? 2011),
"For example: E<.Dq +52w1d> (valid from now to 52 weeks and one day
from "
"now), E<.Dq -4w:+4w> (valid from four weeks ago to four weeks from
now), E<."
"Dq 20100101123000:20110101123000> (valid from 12:30 PM, January 1st,
2010 to "
"12:30 PM, January 1st, 2011), E<.Dq -1d:20110101> (valid from
yesterday to "
"midnight, January 1st, 2011). E<.Dq -1m:forever> (valid from one
minute ago "
"and never expiring)."
Issue: See ? see
"The principals field is a pattern-list (See PATTERNS in E<.Xr
ssh_config "
"5>) consisting of one or more comma-separated USER@DOMAIN identity
patterns "
"that are accepted for signing. When verifying, the identity presented
via "
"the E<.Fl I> option must match a principals pattern in order for the "
"corresponding key to be considered acceptable for verification."
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Bug ID: 3331
Summary: Issues with man pages
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: All
Status: NEW
Severity: minor
Priority: P5
Component: Documentation
Assignee: unassigned-bugs@mindrot.org
Reporter: debian@helgefjell.de
Dear OpenSSH maintainer,
the manpage-l10n project maintains a large number of translations of
man pages both from a large variety of sources (including OpenSSH) as
well for a large variety of target languages.
During their work translators notice different possible issues in the
original (english) man pages. Sometimes this is a straightforward
typo, sometimes a hard to read sentence, sometimes this is a
convention not held up and sometimes we simply do not understand the
original.
We use several distributions as sources and update regularly (at
least every 2 month). This means we are fairly recent (some
distributions like archlinux also update frequently) but might miss
the latest upstream version once in a while, so the error might be
already fixed. We apologize and ask you to close the issue immediately
if this should be the case, but given the huge volume of projects and
the very limited number of volunteers we are not able to double check
each and every issue.
Secondly we translators see the manpages in the neutral po format,
i.e. converted and harmonized, but not the original source (be it man,
groff, xml or other). So we cannot provide a true patch (where
possible), but only an approximation which you need to convert into
your source format.
Finally the issues I'm reporting have accumulated over time and are
not always discovered by me, so sometimes my description of the
problem my be a bit limited - do not hesitate to ask so we can clarify
them.
I'm now reporting the errors for your project. If future reports
should use another channel, please let me know.
Man page: sftp.1
Issue: Broken wrapping, everything before "Display" belongs to the
command
"E<.Op Fl hi> E<.Op Ar path> E<.Xc> Display usage information for the "
"filesystem holding the current directory (or E<.Ar path> if
specified). If "
"the E<.Fl h> flag is specified, the capacity information will be
displayed "
"using \"human-readable\" suffixes. The E<.Fl i> flag requests display
of "
"inode information in addition to capacity information. This command
is only "
"supported on servers that implement the E<.Dq statvfs@openssh.com>
extension."
Issue: Broken wrapping, everything before "Create" belongs to the
command
"E<.Op Fl s> E<.Ar oldpath> E<.Ar newpath> E<.Xc> Create a link from
E<.Ar "
"oldpath> to E<.Ar newpath>. If the E<.Fl s> flag is specified the
created "
"link is a symbolic link, otherwise it is a hard link."
Issue: Broken wrapping, everything before "Display" belongs to the
command
"E<.Op Fl 1afhlnrSt> E<.Op Ar path> E<.Xc> Display a remote directory
listing "
"of either E<.Ar path> or the current directory if E<.Ar path> is not "
"specified. E<.Ar path> may contain E<.Xr glob 7> characters and may
match "
"multiple files."
--
Man page: sftp-server.8
Issue: Inconsistent beginning of flag description in this man page:
here lower case 3rd form
"specifies an alternate starting directory for users. The pathname may
"
"contain the following tokens that are expanded at runtime: %% is
replaced by "
"a literal '%', %d is replaced by the home directory of the user being
"
"authenticated, and %u is replaced by the username of that user. The
default "
"is to use the user's home directory. This option is useful in
conjunction "
"with the E<.Xr sshd_config 5> E<.Cm ChrootDirectory> option."
msgstr ""
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Causes E<.Nm> to print logging information to stderr instead of syslog
for "
"debugging."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Specifies the facility code that is used when logging messages from
E<.Nm>. "
"The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
LOCAL3, "
"LOCAL4, LOCAL5, LOCAL6, LOCAL7. The default is AUTH."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Specifies which messages will be logged by E<.Nm>. The possible
values are: "
"QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
INFO "
"and VERBOSE log transactions that E<.Nm> performs on behalf of the
client. "
"DEBUG and DEBUG1 are equivalent. DEBUG2 and DEBUG3 each specify
higher "
"levels of debugging output. The default is ERROR."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 2rd form
"Specify a comma-separated list of SFTP protocol requests that are
banned by "
"the server. E<.Nm> will reply to any denied request with a failure.
The E<."
"Fl Q> flag can be used to determine the supported request types. If
both "
"denied and allowed lists are specified, then the denied list is
applied "
"before the allowed list."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 2rd form
"Specify a comma-separated list of SFTP protocol requests that are
permitted "
"by the server. All request types that are not on the allowed list
will be "
"logged and replied to with a failure message."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 2rd form
"Query protocol features supported by E<.Nm>. At present the only
feature "
"that may be queried is E<.Dq requests>, which may be used to deny or
allow "
"specific requests (flags E<.Fl P> and E<.Fl p> respectively)."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Places this instance of E<.Nm> into a read-only mode. Attempts to
open "
"files for writing, as well as other operations that change the state
of the "
"filesystem, will be denied."
Issue: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
"Sets an explicit E<.Xr umask 2> to be applied to newly-created files
and "
"directories, instead of the user's default mask."
Issue 1: Inconsistent beginning of flag description in this man page:
here upper case 3rd form
Issue 2: -m ? E<.Fl m>
Issue 3: -u ? E<.Fl u>:
"Sets explicit file permissions to be applied to newly-created files
instead "
"of the default or client requested mode. Numeric values include: 777,
755, "
"750, 666, 644, 640, etc. Using both -m and -u switches makes the
umask (-u) "
"effective only for newly created directories and explicit mode (-m)
for "
"newly created files."
--
Man page: ssh.1.po
Issue: First line belongs to option (missing line break ?)
"E<.Sm off> E<.Oo Ar bind_address : Oc> E<.Ar port> E<.Sm on> E<.Xc> "
"Specifies a local E<.Dq dynamic> application-level port forwarding.
This "
"works by allocating a socket to listen to E<.Ar port> on the local
side, "
"optionally bound to the specified E<.Ar bind_address>. Whenever a "
"connection is made to this port, the connection is forwarded over the
secure "
"channel, and the application protocol is then used to determine where
to "
"connect to from the remote machine. Currently the SOCKS4 and SOCKS5 "
"protocols are supported, and E<.Nm> will act as a SOCKS server. Only
root "
"can forward privileged ports. Dynamic port forwardings can also be "
"specified in the configuration file."
Issue: First sentence strange. Why "supported specified version" but
then limited to version 2?
"Queries E<.Nm> for the algorithms supported for the specified version
2. "
"The available features are: E<.Ar cipher> (supported symmetric
ciphers), E<."
"Ar cipher-auth> (supported symmetric ciphers that support
authenticated "
"encryption), E<.Ar help> (supported query terms for use with the E<.Fl
Q> "
"flag), E<.Ar mac> (supported message integrity codes), E<.Ar kex> (key
"
"exchange algorithms), E<.Ar key> (key types), E<.Ar key-cert>
(certificate "
"key types), E<.Ar key-plain> (non-certificate key types), E<.Ar
key-sig> "
"(all key types and signature algorithms), E<.Ar protocol-version>
(supported "
"SSH protocol versions), and E<.Ar sig> (supported signature
algorithms). "
"Alternatively, any keyword from E<.Xr ssh_config 5> or E<.Xr
sshd_config 5> "
"that takes an algorithm list may be used as an alias for the
corresponding "
"query_option."
Issue: or see ? see
"If the E<.Cm ForwardAgent> variable is set to E<.Dq yes> (or see the "
"description of the E<.Fl A> and E<.Fl a> options above) and the user
is "
"using an authentication agent, the connection to the agent is
automatically "
"forwarded to the remote side."
Issue: IPv6 address can be used everywhere where IPv4 address ? IPv6
addresses can be used everywhere where IPv4 addresses can be used.
"IPv6 address can be used everywhere where IPv4 address. In all entries
must "
"be the IPv6 address enclosed in square brackets. Note: The square
brackets "
"are metacharacters for the shell and must be escaped in shell."
--
Man page: ssh-agent.1
Issue: ssh(1) does not have a section caveats
"Connections to E<.Nm> may be forwarded from further remote hosts using
the "
"E<.Fl A> option to E<.Xr ssh 1> (but see the caveats documented
therein), "
"avoiding the need for authentication data to be stored on other
machines. "
"Authentication passphrases and private keys never go over the network:
the "
"connection to the agent is forwarded over SSH remote connections and
the "
"result is returned to the requester, allowing the user access to their
"
"identities anywhere in the network in a secure fashion."
Issue: ssh-agent. ? E<.Nm>.
"In Debian, E<.Nm> is installed with the set-group-id bit set, to
prevent E<."
"Xr ptrace 2> attacks retrieving private key material. This has the
side-"
"effect of causing the run-time linker to remove certain environment "
"variables which might have security implications for set-id programs,
"
"including E<.Ev LD_PRELOAD>, E<.Ev LD_LIBRARY_PATH>, and E<.Ev
TMPDIR>. If "
"you need to set any of these environment variables, you will need to
do so "
"in the program executed by ssh-agent."
--
Man page: ssh-argv0.1
Issue: The other ssh manpages use the macro .An to denote author names,
this is missing here
"OpenSSH is a derivative of the original and free ssh 1.2.12 release by
Tatu "
"Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos, Theo
de "
"Raadt and Dug Song removed many bugs, re-added newer features and
created "
"OpenSSH. Markus Friedl contributed the support for SSH protocol
versions "
"1.5 and 2.0. Natalie Amery wrote this ssh-argv0 script and the
associated "
"documentation."
--
Man page: ssh_config.5
Issue: Why is the default separated by commas, not spaces?
"Specifies one or more files to use for the global host key database, "
"separated by whitespace. The default is E<.Pa
/etc/ssh/ssh_known_hosts>, E<."
"Pa /etc/ssh/ssh_known_hosts2>."
Issue: known hosts files ? known_hosts files?
"Indicates that E<.Xr ssh 1> should hash host names and addresses when
they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be
used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually
reveal "
"identifying information if the file's contents are disclosed. The
default "
"is E<.Cm no>. Note that existing names and addresses in known hosts
files "
"will not be converted automatically, but may be manually hashed using
E<.Xr "
"ssh-keygen 1>."
Issue: 2nd sentence strange: The remote port forward … forward
specific host … on local machine?
"Specifies that a TCP port on the remote machine be forwarded over the
secure "
"channel. The remote port may either be forwarded to a specified host
and "
"port from the local machine, or may act as a SOCKS 4/5 proxy that
allows a "
"remote client to connect to arbitrary destinations from the local
machine. "
"The first argument is the listening specification and may be E<.Sm
off> E<."
"Oo Ar bind_address : Oc Ar port> E<.Sm on> or, if the remote host
supports "
"it, a Unix domain socket path. If forwarding to a specific
destination then "
"remote forwarding will be established as a SOCKS proxy. When acting
as a "
"SOCKS proxy the destination of the connection can be restricted by
E<.Cm "
"PermitRemoteOpen>."
Issue: user known hosts files ? users known_hosts files
"If this flag is set to E<.Dq accept-new> then ssh will automatically
add new "
"host keys to the user known hosts files, but will not permit
connections to "
"hosts with changed host keys. If this flag is set to E<.Dq no> or
E<.Dq "
"off>, ssh will automatically add new host keys to the user known hosts
files "
"and allow connections to hosts with changed hostkeys to proceed,
subject to "
"some restrictions. If this flag is set to E<.Cm ask> (the default),
new "
"host keys will be added to the user known host files only after the
user has "
"confirmed that is what they really want to do, and ssh will refuse to
"
"connect to hosts whose host key has changed. The host keys of known
hosts "
"will be verified automatically in all cases."
Issue: Missing full stop
"The type of the server host key, e.g. E<.Cm ssh-ed25519>"
Issue: known hosts files ? E<.Pa known_hosts> files?
"Indicates that E<.Xr ssh 1> should hash host names and addresses when
they "
"are added to E<.Pa ~/.ssh/known_hosts>. These hashed names may be
used "
"normally by E<.Xr ssh 1> and E<.Xr sshd 8>, but they do not visually
reveal "
"identifying information if the file's contents are disclosed. The
default "
"is E<.Cm no>. Note that existing names and addresses in known hosts
files "
"will not be converted automatically, but may be manually hashed using
E<.Xr "
"ssh-keygen 1>. Use of this option may break facilities such as tab-"
"completion that rely on being able to read unhashed host names from
E<.Pa ~/."
"ssh/known_hosts>."
Issue 1: There is supported ? There is support for
Issue 2: Unnecessary space before closing parenthesis
"The authentication identity can be also specified in a form of PKCS#11
URI "
"starting with a string E<.Cm pkcs11:>. There is supported a subset of
the "
"PKCS#11 URI as defined in RFC 7512 (implemented path arguments E<.Cm
id>, E<."
"Cm manufacturer>, E<.Cm object>, E<.Cm token> and query arguments
E<.Cm "
"module-path> and E<.Cm pin-value> ). The URI can not be in quotes."
--
Man page: ssh-copy-id.1
Issue: and using ssh ? and using E<.Xr ssh 1>
"E<.Nm> is a script that uses E<.Xr ssh 1> to log into a remote machine
"
"(presumably using a login password, so password authentication should
be "
"enabled, unless you've done some clever use of multiple identities).
It "
"assembles a list of one or more fingerprints (as described below) and
tries "
"to log in with each key, to see if any of them are already installed
(of "
"course, if you are not using E<.Xr ssh-agent 1> this may result in you
being "
"repeatedly prompted for pass-phrases). It then assembles a list of
those "
"that failed to log in, and using ssh, enables logins with those keys
on the "
"remote server. By default it adds the keys by appending them to the
remote "
"user's E<.Pa ~/.ssh/authorized_keys> (creating the file, and
directory, if "
"necessary). It is also capable of detecting if the remote system is a
"
"NetScreen, and using its E<.Ql set ssh pka-dsa key ...> command
instead."
Issue: by ssh-ing ? by E<.Xr ssh 1>-ing
"If you have already installed keys from one system on a lot of remote
hosts, "
"and you then create a new key, on a new client machine, say, it can be
"
"difficult to keep track of which systems on which you've installed the
new "
"key. One way of dealing with this is to load both the new key and old
"
"key(s) into your E<.Xr ssh-agent 1>. Load the new key first, without
the E<."
"Fl c> option, then load one or more old keys into the agent, possibly
by ssh-"
"ing to the client machine that has that old key, using the E<.Fl A>
option "
"to allow agent forwarding:"
Issue: -i ? E<.Fl i>
"The reason you might want to specify the -i option in this case is to
ensure "
"that the comment on the installed key is the one from the E<.Pa .pub>
file, "
"rather than just the filename that was loaded into your agent. It
also "
"ensures that only the id you intended is installed, rather than all
the keys "
"that you have in your E<.Xr ssh-agent 1>. Of course, you can specify
"
"another id, or use the contents of the E<.Xr ssh-agent 1> as you
prefer."
--
Man page: sshd.8
Issue 1: rlogin and rsh ? E<.Xr rlogin 1> and E<.Xr rsh 1>
Issue 2: Mention "rshd" as well?
Issue 3: Together these programms replace ? This programm replaces
"E<.Nm> (OpenSSH Daemon) is the daemon program for E<.Xr ssh 1>.
Together "
"these programs replace rlogin and rsh, and provide secure encrypted "
"communications between two untrusted hosts over an insecure network."
Issue: /etc/rc is outdated (at least on Linux)
"E<.Nm> listens for connections from clients. It is normally started
at boot "
"from E<.Pa /etc/rc>. It forks a new daemon for each incoming
connection. "
"The forked daemons handle key exchange, encryption, authentication,
command "
"execution, and data exchange."
Issue: E<.Dq addr,> ? E<.Dq addr>,
"Specify the connection parameters to use for the E<.Fl T> extended
test "
"mode. If provided, any E<.Cm Match> directives in the configuration
file "
"that would apply are applied before the configuration is written to
standard "
"output. The connection parameters are supplied as keyword=value pairs
and "
"may be supplied in any order, either with multiple E<.Fl C> options or
as a "
"comma-separated list. The keywords are E<.Dq addr,> E<.Dq user>,
E<.Dq "
"host>, E<.Dq laddr>, E<.Dq lport>, and E<.Dq rdomain> and correspond
to "
"source address, user, resolved source host name, local address, local
port "
"number and routing domain respectively."
Issue: fork ? E<.Xr fork 2>
"Debug mode. The server sends verbose debug output to standard error,
and "
"does not put itself in the background. The server also will not fork
and "
"will only process one connection. This option is only intended for "
"debugging for the server. Multiple E<.Fl d> options increase the
debugging "
"level. Maximum is 3."
Issue: Last sentence is unclear: One file per algorithm?
"Specifies a file from which a host key is read. This option must be
given "
"if E<.Nm> is not run as root (as the normal host key files are
normally not "
"readable by anyone but root). The default is E<.Pa /etc/ssh/"
"ssh_host_ecdsa_key>, E<.Pa /etc/ssh/ssh_host_ed25519_key> and E<.Pa
/etc/ssh/"
"ssh_host_rsa_key>. It is possible to have multiple host key files for
the "
"different host key algorithms."
Issue 1: E<.Cm DenyGroups> \\&. ? E<.Cm DenyGroups>\\&.
Issue 2: eg ? e.g.
Issue 3: ( E<.Ql ? (E<.Ql
Issue 4: \\&*NP\\&*> ) ? \\&*NP\\&*>)
"Regardless of the authentication type, the account is checked to
ensure that "
"it is accessible. An account is not accessible if it is locked,
listed in "
"E<.Cm DenyUsers> or its group is listed in E<.Cm DenyGroups> \\&. The
"
"definition of a locked account is system dependent. Some platforms
have "
"their own account database (eg AIX) and some modify the passwd field (
E<.Ql "
"\\&*LK\\&*> on Solaris and UnixWare, E<.Ql \\&*> on HP-UX, containing
E<.Ql "
"Nologin> on Tru64, a leading E<.Ql \\&*LOCKED\\&*> on FreeBSD and a
leading "
"E<.Ql \\&!> on most Linuxes). If there is a requirement to disable
password "
"authentication for the account while allowing still public-key, then
the "
"passwd field should be set to something other than these values (eg
E<.Ql "
"NP> or E<.Ql \\&*NP\\&*> )."
Issue: xauth. ? B<xauth>(1).
"If E<.Pa ~/.ssh/rc> exists and the E<.Xr sshd_config 5> E<.Cm
PermitUserRC> "
"option is set, runs it; else if E<.Pa /etc/ssh/sshrc> exists, runs it;
"
"otherwise runs xauth. The E<.Dq rc> files are given the X11
authentication "
"protocol and cookie in standard input. See E<.Sx SSHRC>, below."
Issue: IPv6 address can be used everywhere where IPv4 address ? IPv6
addresses can be used everywhere where IPv4 addresses can be used.
"IPv6 address can be used everywhere where IPv4 address. In all entries
must "
"be the IPv6 address enclosed in square brackets. Note: The square
brackets "
"are metacharacters for the shell and must be escaped in shell."
--
Man page: sshd_config.5
Issue: Something missing or wrong fullstop after E<.Cm pam>?
"For keyboard interactive authentication it is also possible to
restrict "
"authentication to a specific device by appending a colon followed by
the "
"device identifier E<.Cm bsdauth> or E<.Cm pam>. depending on the
server "
"configuration. For example, E<.Qq keyboard-interactive:bsdauth> would
"
"restrict keyboard interactive authentication to the E<.Cm bsdauth>
device."
Issue: Missing full stop after closing bracket
"Specifies whether challenge-response authentication is allowed (e.g.
via PAM "
"or through authentication styles supported in E<.Xr login.conf 5>)
The "
"default is E<.Cm yes>."
Issue: safety ? security
"For safety, it is very important that the directory hierarchy be
prevented "
"from modification by other processes on the system (especially those
outside "
"the jail). Misconfiguration can lead to unsafe environments which
E<.Xr "
"sshd 8> cannot detect."
Issue: on the current hostname ? on the current host
"Determines whether to be strict about the identity of the GSSAPI
acceptor a "
"client authenticates against. If set to E<.Cm yes> then the client
must "
"authenticate against the host service on the current hostname. If set
to E<."
"Cm no> then the client may authenticate against any service key stored
in "
"the machine's default store. This facility is provided to assist with
"
"operation on multi homed machines. The default is E<.Cm yes>."
Issue: What is "to explicit localhost addresses"? Is there a verb
missing?
"Multiple permissions may be specified by separating them with
whitespace. "
"An argument of E<.Cm any> can be used to remove all restrictions and
permit "
"any listen requests. An argument of E<.Cm none> can be used to
prohibit all "
"listen requests. The host name may contain wildcards as described in
the "
"PATTERNS section in E<.Xr ssh_config 5>. The wildcard E<.Sq *> can
also be "
"used in place of a port number to allow all ports. By default all
port "
"forwarding listen requests are permitted. Note that the E<.Cm
GatewayPorts> "
"option may further restrict which addresses may be listened on. Note
also "
"that E<.Xr ssh 1> will request a listen host of E<.Dq localhost> if no
"
"listen host was specifically requested, and this name is treated
differently "
"to explicit localhost addresses of E<.Dq 127.0.0.1> and E<.Dq ::1>."
Issue: Valid options ? Valid settings
"Specifies whether E<.Pa ~/.ssh/environment> and E<.Cm environment=>
options "
"in E<.Pa ~/.ssh/authorized_keys> are processed by E<.Xr sshd 8>.
Valid "
"options are E<.Cm yes>, E<.Cm no> or a pattern-list specifying which "
"environment variable names to accept (for example E<.Qq LANG,LC_*>).
The "
"default is E<.Cm no>. Enabling environment processing may enable
users to "
"bypass access restrictions in some configurations using mechanisms
such as "
"E<.Ev LD_PRELOAD>."
Issue: as well and ? as well as
"Specifies an explicit routing domain that is applied after
authentication "
"has completed. The user session, as well and any forwarded or
listening IP "
"sockets, will be bound to this E<.Xr rdomain 4>. If the routing
domain is "
"set to E<.Cm \\&%D>, then the domain in which the incoming connection
was "
"received will be applied."
Issue: Superfluous space after first opening bracket
"E<.Xr sshd 8> reads configuration data from E<.Pa
/etc/ssh/sshd_config> ( E<."
"Pa /usr/etc/ssh/sshd_config> if the file does not exist or the file "
"specified with E<.Fl f> on the command line). The file contains
keyword-"
"argument pairs, one per line. For each keyword, the first obtained
value "
"will be used. Lines starting with E<.Ql #> and empty lines are
interpreted "
"as comments. Arguments may optionally be enclosed in double quotes
E<.Pq \\&"
"\"> in order to represent arguments containing spaces."
Issue: Superfluous space before comma in first line
"When set to E<.Dq yes> , the checks whether the account has been
locked with "
"E<.Pa passwd -l> are performed even when PAM authentication is enabled
via "
"E<.Cm UsePAM>. This is to ensure that it is not possible to log in
with e."
"g. a public key (in such a case PAM is used only to set up the session
and "
"some PAM modules will not check whether the account is locked in this
"
"scenario). The default is E<.Dq no>."
--
Man page: ssh-keygen.1.po
Issue: 2011). ? 2011),
"For example: E<.Dq +52w1d> (valid from now to 52 weeks and one day
from "
"now), E<.Dq -4w:+4w> (valid from four weeks ago to four weeks from
now), E<."
"Dq 20100101123000:20110101123000> (valid from 12:30 PM, January 1st,
2010 to "
"12:30 PM, January 1st, 2011), E<.Dq -1d:20110101> (valid from
yesterday to "
"midnight, January 1st, 2011). E<.Dq -1m:forever> (valid from one
minute ago "
"and never expiring)."
Issue: See ? see
"The principals field is a pattern-list (See PATTERNS in E<.Xr
ssh_config "
"5>) consisting of one or more comma-separated USER@DOMAIN identity
patterns "
"that are accepted for signing. When verifying, the identity presented
via "
"the E<.Fl I> option must match a principals pattern in order for the "
"corresponding key to be considered acceptable for verification."
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs